LogRhythm Smart Response Plugin

The ThreatConnect integration package for LogRhythm allows LogRhythm users to interact with threat intelligence in ThreatConnect directly from the LogRhythm Console by using a set of LogRhythm plugin actions. The integration package can perform functions such as retrieving Indicator details and reporting observations and false positives to ThreatConnect.

First, aggregated logs from LogRhythm are combined with user’s threat intelligence in ThreatConnect. ThreatConnect provides context with the indicators, and enables the security team to easily spot out-of-the-ordinary trends or patterns and act on them efficiently. Upon a correlation rule match, a smart rule will trigger a playbook and create an observation in ThreatConnect, updating an observable indicator dashboard simultaneously. On top of that, users in ThreatConnect can search LogRhythm via API to search for an indicator over a time period.

Features & Benefits

Sends all available threat data from ThreatConnect into LogRhythm for validated alerting
Provides the necessary context to be able to take action on the indicators
Enables real-time threat analysis and indicator correlation
Automates the detection of advanced threats
Ensures that you are sending validated threat intelligence to LogRhythm

To enable the plugin, please reach out to your ThreatConnect Customer Success Manager.

Categories:

ThreatConnect

LogRhythm Smart Response Plugin

Developers

Company

Related Resources

Categories:

ThreatConnect

LogRhythm Smart Response Plugin

Related Apps

Devo

SIEM and Analytics

Elastic Security

SIEM and Analytics

ElasticSearch

SIEM and Analytics

Developers

Company